- OnlyHacksSummary This Valentine’s-themed web challenge focuses on exploiting Cross-Site Scripting (XSS) to steal a cookie, hijack an account, and retrieve the flag. Write-up The login page appears resistant to basic SQL injection and authentication bypass attempts. We will move on with the Sign Up function. The signup process, however, requires a profile picture upload, which… Read more: OnlyHacks